CX Second_Order_SQL_Injection @ website/include/admins.php [master]

[vish07]

Second_Order_SQL_Injection issue exists @ website/include/admins.php in branch master

Method check_login at line 79 of website\include\admins.php gets database data from the mysql_fetch_assoc element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method login_admin at line 57 of website\include\admins.php. This may enable an Second-Order SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Lines: 87

---

Code (Line #87):

     return mysql_fetch_assoc($res);

---

[vish07]

Issue still exists.

[vish07]

Issue still exists.